fix(SNI): delete expired autogenerated SNI certificate

Author: andris9

lib/cert-handler.js

@@ -130,13 +130,34 @@ class CertHandler {
             {
                 upsert: false,
                 returnDocument: 'after',
-                projection: { _id: true }
+                projection: { _id: true, autogenerated: true, expires: true, servername: true }
             }
         );
 
-        if (r && r.value) {
+        if (r?.value) {
+            const certData = r.value;
+            const now = new Date();
+
+            if (certData.autogenerated && certData.expires < now) {
+                // delete expired automatic cert, do not try to renew it
+                try {
+                    let r = await this.database.collection('certs').deleteOne({ _id: certData._id });
+                    if (r?.deletedCount) {
+                        this.loggelf({
+                            short_message: `Deleted autogenerated certificate ${certData.cervername}`,
+                            _sni_servername: certData.cervername,
+                            _cert_action: 'sni_autodelete'
+                        });
+                    }
+                } catch (err) {
+                    //ignore
+                }
+
+                return await this.getNextRenewal();
+            }
+
             // use getRecord to decrypt secrets
-            return await this.getRecord({ _id: r.value._id }, true);
+            return await this.getRecord({ _id: certData._id }, true);
         }
 
         return false;
@@ -728,7 +749,7 @@ class CertHandler {
         log.verbose('Certs', 'ACME precheck passed. action=precheck domain=%s', domain);
 
         this.loggelf({
-            short_message: ` Autogenerating TLS certificate for ${domain}`,
+            short_message: `Autogenerating TLS certificate for ${domain}`,
             _sni_servername: domain,
             _cert_action: 'sni_autogenerate'
         });